Ask LH: Is It OK To Use My Facebook Account To Sign Into Apps?

Dear Lifehacker, Why do all these apps on my phone and on the web want my Facebook (or Twitter and Google) information to sign up for an account? Is it safe to do this? Sincerely, Signing Off?

Dear SO,

Social logins are common these days. You need a Twitter, Facebook or Google account for a lot of services. Sites and apps want to link to your social network account for two main reasons: authentication (it saves them from storing your password and info), and to collect your data from your social network. Here's what each of them does, and why you might not want to use them.

Why Services Require You to Sign In with a Social Network Account

The main reason services require you to sign in with a social network account is a security measure called OAuth. OAuth is basically a means to log in to a third-party site using your Facebook, Google or Twitter information. This means websites don't have to worry about keeping your password and username secure.

Basically, when you log in to a site with OAuth, you're granting them access to your account — like you're showing them the secret back gate to get in — but you can close that gate at any time. They don't get the keys to the house, they just know where the door is. This means if the third-party site is compromised, your Facebook, Twitter or Google accounts are safe (although the services you grant access to can continue to post, read or whatever else on your behalf if you don't cut that off).

In a lot of cases, the OAuth authentication is all an app wants or needs. However, in other cases, you're also granting apps access to your data. Calendar apps, address books, music services and anything that uses your social network to provide news commonly do this. When you sign up for a service, you're taken to your Facebook, Google or Twitter page and shown what that service has access to, if it can post to your account, and who can see those posts. On their own, these aren't dangerous (unless you're worried about services collecting your data), but they do have the potential to get annoying.

Fortunately, it's incredibly easy to see what those apps have access to and revoke their privileges.
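What the permission screen described above is summarising, as an added example that is not part of the original article: the app's sign-in link carries a list of requested scopes, and this Python code sorts that list into sign-in only, data the app can read, and things it can do as you. The URL, app ID and keyword heuristic are constructed for illustration, and the permission names are historical Facebook ones used as sample values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scopes that only identify you (OpenID Connect names plus Facebook's public_profile).
IDENTITY_SCOPES = {"openid", "profile", "email", "public_profile"}
# Assumption: keyword heuristic for scopes that let an app act as you.
# Providers name and retire permissions differently; check their current docs.
ACT_HINTS = ("publish", "write", "manage", "post")


def requested_scopes(auth_url):
    """Return the scopes listed in an OAuth authorization request URL."""
    query = parse_qs(urlsplit(auth_url).query)
    raw = " ".join(query.get("scope", []))
    # RFC 6749 separates scopes with spaces; Facebook's login dialog uses commas.
    return [s for s in re.split(r"[ ,]+", raw) if s]


def review(auth_url):
    """Sort requested scopes into sign-in only, readable data, and act-as-you."""
    report = {"identity": [], "reads_data": [], "acts_on_your_behalf": []}
    for scope in requested_scopes(auth_url):
        if scope in IDENTITY_SCOPES:
            report["identity"].append(scope)
        elif any(hint in scope.lower() for hint in ACT_HINTS):
            report["acts_on_your_behalf"].append(scope)
        else:
            report["reads_data"].append(scope)
    return report


# Constructed sample: a calendar app asking for events, birthdays and posting rights.
SAMPLE_URL = (
    "https://www.facebook.com/dialog/oauth?client_id=EXAMPLE_APP_ID"
    "&redirect_uri=https%3A%2F%2Fcalendar.example%2Fcallback&response_type=code"
    "&scope=public_profile,user_events,user_birthday,publish_actions"
)

if __name__ == "__main__":
    for category, scopes in review(SAMPLE_URL).items():
        print(f"{category}: {', '.join(scopes) or '-'}")
```

Anything that lands under acts_on_your_behalf is the kind of permission to decline or restrict if you don't want the app posting for you.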

Why You Might Not Want to Use Your Social Networks with Apps

In a lot of cases, social integration — whether it's in the form of accessing data or as a security measure — is a good thing, but that doesn't mean apps don't end up doing annoying things on your social network accounts. As a good rule of thumb, if you don't want anything automatically showing up on Facebook or Twitter, don't let apps post for you. In the case of Facebook, you can at least change the "Posts on your behalf" setting to "Only Me" so if the app does post something, nobody will actually see it. If you want to revoke those permissions completely, it's pretty easy to do manually, or with a service like the previously mentioned MyPermissions.

Review Your Facebook App Permissions

A lot of apps want access to your Facebook account so they can integrate social features. For example, a number of calendars want access so they can add in birthdays and events. In most cases, these apps only have access to your events, but not every service out there plays nice with your account. Reviewing your permissions is very easy:

Visit Facebook, click the gear icon in the top right, and select "Account Settings".

Click the "Apps" tab on the left side (or just head straight to it if you're already signed in).

Select "Edit" to change the permissions of any app, or click the "X" to revoke access to your Facebook account.

Review the list, what type of access they have and click "Revoke Access" if you no longer want them.

The main cause of concern you should have with any app that has access to your social network account is that they can access your personal data or post something without you realising it. If you don't like giving that data away freely, you're best off searching for services that allow an email login instead of linking to your social network account. Reviewing the privacy policy of any app you link is also important, and if nothing else, check the permissions to make sure it can't post something without you knowing it.

Cheers
Lifehacker


Comments

My big gripe with this is that it's not always obvious where the non-Facebook etc. login is. I've even been to sites where there is no other option but a social sign-in, although I can't remember them offhand now. Personally, I point blank refuse to sign in via a social page.

You could just create a new Google, FB and Twitter account specifically for signing onto those sites, and have no, or fake, info in the accounts. Long-term it's actually a better idea, given the OAuth stuff above (revoking access), and you only have to maintain three credentials for many sites, instead of credentials for each site.

Not really, once you synced your account to Facebook (I had to when Spotify was first launched, to try it under pressure of friends). I removed the app access to my Facebook (I find the app crap because 90% of the music I wanted was unavailable), and when going back to it later to try again, I couldn't make an account because it had remembered that my email address was saved due to my FB login. The fact that you can remove a login is crap; it retains that email account in memory forever.

I dislike OAuth with a passion myself, but in some cases am forced to use it.
(That's where Twitter is a joy.)
